RACF® maintains an entry
in the TVTOC for each data set that a user writes to a scratch pool
volume. The data set can be:
- Protected by a discrete profile, an appropriate generic profile,
or both
- Not protected by any profile
When a user requests access to a data set on the tape volume, RACF performs access checking as
follows:
- RACF checks the user's
authority to the volume on which the data set resides. If the user
has sufficient authority to the volume, RACF grants
access to the data set. If the user does not have sufficient authority
to the volume, access checking proceeds with Step 2.
- RACF checks
to see if the data set is RACF-indicated. (For more information on
RACF-indicated data set s, see Protection through discrete profiles.)
If the data set is RACF-indicated, access checking proceeds with Step
3; if not, access checking proceeds with step 4.
- The data set is RACF-indicated. RACF checks for a discrete profile that protects
the data set. If RACF does
not find a discrete profile, access checking proceeds with Step 4.
If RACF finds a discrete profile
and the user has sufficient authority to the data set, RACF grants access. If the user does not have
sufficient authority to the data set, RACF denies
access.
- RACF searches
for an appropriate generic profile. If RACF finds
a generic profile and the user has sufficient authority to access
the data set, RACF grants the
request. If the user does not have sufficient authority to access
the data set, RACF fails the
request. If RACF does not find
a generic profile, RACF fails
the request.